CVE-2018-1000603
Description
An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java. It allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credential IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:openstack-cloud (Maven) | < 2.37 | 2.37 |
References
- github.com/advisories/GHSA-grf8-94q5-4phx (source: ghsa, advisory)
- jenkins.io/security/advisory/2018-06-25/ (source: nvd, vendor advisory)
- nvd.nist.gov/vuln/detail/CVE-2018-1000603 (source: ghsa, advisory)
- github.com/jenkinsci/openstack-cloud-plugin/commit/7123cf70c5223f22b44a3c7e59255c6a6e44da8b (source: ghsa, web)
- github.com/jenkinsci/openstack-cloud-plugin/commit/9ec76f8db6aa5b9e868c5d7dade09f1ef1a0fdb6 (source: ghsa, web)